I managed to get past the login form of a website, using wget and the --post-data and --save-cookies options.

Now I try to fill-in some fields of a webpage, and do a submit. The issue is, that there is a 'turing' hidden field on the webpage, which is a different value every single time.

What I tried, is to open the webpage, with my cookies loaded, and get the turing value. Then do another wget with --post-data and put all my fields in there, including the turing field. But it doesn't work.

Also, there are several form's on the webpage, so I guess I have to add the form name. correct?

Any ideas?

<form action="article.php" method="post" name="postmessage">
 <table width="100%" class="table_lines" border="0" cellspacing="0" cellpadding="6">
  <tr>
   <td>subject</td>
   <td><input type="text" name="messageinput[0]" value=""></td>
  </tr>
  <tr>
   <td>tags</td>
   <td><input type="text" name="messageinput[1]" value=""></td>
  </tr>
  <tr>
   <td>Message</td>
   <td><input type="text" name="messageinput[2]" value=""></td>
  </tr>
  <td colspan="2" align="center"><input name="mesbut" type="submit" value="Post Message" onclick="document.postmessage.mesbut.value='Posting..'; document.postmessage.mesbut.disabled=true;document.postmessage.submit();"></td>
 </table>
 <input type="hidden" name="turing" value="wgbyp">
</form>

So what I tried is (after the login):

/usr/bin/wget -q --load-cookies cookie.txt http://www.myurl.com/article.php -O output.html
TURING=$(sed -n -e 's/.*name="turing" value="\(.*\)">.*/\1/p' output.html)

/usr/bin/wget -q --load-cookies cookie.txt --post-data "messageinput[0]=mysubject&messageinput[1]=&messageinput[2]=mymessage&turing=${TURING}&postmessage=1&mesbut=1"  http://www.myurl.com/article.php -O output2.html

But it isn't working.

The first wget needs to use --save-cookies.

Are you getting anything at all in cookie.txt in your example?

Seems my info did work. I just didn't provide sufficient fields for the webpage.